Patent · US Active

Intrusion detection using dynamic tracing

US8028336B2 · kind B2 · utility

Cited by: 13
References: 9
Claims: 10
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 8, 2005
Grant date: Sep 27, 2011
Priority date
Expiry date: Aug 31, 2028

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F11/3644
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Techniques have been developed whereby dynamic kernel/user-level tracing may be employed to efficiently characterize runtime behavior of production code. Using dynamic tracing techniques, user space or kernel instruction sequences between system calls may be instrumented without access to source code. In some realizations, instrumentation may be interactively specified on a host system. In some realizations, instrumentation specifications may be supplied as functional definitions (e.g., as scripts and/or probe definitions) for installation on a host system. Using the developed techniques, data states, parameters passed and/or timing information may be sampled to provide more detailed insight into actual program behavior. In signature-oriented exploitations, more powerful intrusion signatures are possible. In anomaly-oriented exploitations, a more detailed “sense of self” may be developed to discriminate between normal and anomalous program behavior.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.